<?php
// Include the database connection code
include '../conn.php';

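// Admin login handler: checks the POSTed username/password against the
// `admins` table and, on success, stores the admin's id and username in the
// session and redirects to index.php. Every failure redirects to login.php.
// Relies on $conn, the mysqli connection made available by the include above.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Take the raw submitted values. A missing field or an array payload
    // (e.g. username[]=x) is treated as an empty credential instead of
    // raising a notice or a TypeError further down.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // One message for every failure: distinct "wrong password" and
    // "no such user" responses tell a client which usernames exist.
    // The text ("username or password incorrect") is URL-encoded because
    // raw non-ASCII bytes are not valid in a Location header.
    $failureUrl = 'login.php?error=' . rawurlencode('用户名或密码错误');

    $found = false;
    $adminId = null;
    $adminName = null;
    $storedPassword = null;

    // Bound parameter instead of string-built SQL: the username never becomes
    // part of the statement text, so no escaping is involved at all. The
    // password is not sent to the database and must not be escaped either,
    // since escaping would change the value that gets verified.
    $stmt = mysqli_prepare(
        $conn,
        'SELECT admin_id, username, password FROM admins WHERE username = ? LIMIT 1'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            // bind_result/fetch works without the mysqlnd driver, unlike
            // mysqli_stmt_get_result().
            mysqli_stmt_bind_result($stmt, $adminId, $adminName, $storedPassword);
            $found = (mysqli_stmt_fetch($stmt) === true);
        }
        mysqli_stmt_close($stmt);
    }

    $authenticated = false;
    if ($found && is_string($storedPassword)) {
        if (password_get_info($storedPassword)['algoName'] !== 'unknown') {
            // Stored value is a password_hash() digest.
            $authenticated = password_verify($password, $storedPassword);
        } else {
            // NOTE(review): the stored value is not a recognised hash, so this
            // row appears to hold a plaintext password. It is still accepted
            // so existing accounts keep working, but compared in constant
            // time and without the type juggling of `==`. Migrate the column
            // to password_hash() output and remove this branch.
            $authenticated = hash_equals($storedPassword, $password);
        }
    }

    if ($authenticated) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        // Cast keeps the string shape mysqli_query() rows had by default;
        // presumably other pages read this value -- confirm before changing.
        $_SESSION['admin_id'] = (string) $adminId;
        $_SESSION['admin_username'] = $adminName;

        mysqli_close($conn);
        header('Location: index.php');
        exit;
    }

    mysqli_close($conn);
    header('Location: ' . $failureUrl);
    exit;
}
// Non-POST requests do nothing except release the connection.
mysqli_close($conn);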
?>
